<%#
kind: snippet
name: remote_execution_pull_setup
model: ProvisioningTemplate
snippet: true
description: |
  Snippet for installing and setting up a client to be reachable by remote execution in pull mode
-%>

echo "Starting deployment of REX pull provider"
# check if system is registered
subscription-manager identity > /dev/null
if [ $? -ne 0 ]; then
    echo "Please register with subscription-manager first, then re-run '$0'."
    exit 1
fi

set -e

<%= install_packages('foreman_ygg_worker') %>

echo "Getting configuration from subscription-manager..."
KPPTEMPFILE=$(mktemp kpp_tempfile_XXXXXXXX)
trap "rm -f $KPPTEMPFILE" EXIT
subscription-manager config --list > $KPPTEMPFILE
CONSUMER_CERT_DIR=$(grep 'consumercertdir' $KPPTEMPFILE | cut -d= -f2 | xargs | sed 's/[][]//g')
CERT_FILE=$CONSUMER_CERT_DIR/cert.pem
KEY_FILE=$CONSUMER_CERT_DIR/key.pem
CA_FILE=$(grep 'repo_ca_cert = ' $KPPTEMPFILE | cut -d= -f2 | xargs | cut -d ' ' -f1)
SERVER_NAME=$(grep 'hostname = ' $KPPTEMPFILE | cut -d= -f2 | xargs | cut -d ' ' -f1)

# fail if no server name, cert dir, or ca file
if [ -z "$SERVER_NAME" ] || [ -z "$CONSUMER_CERT_DIR" ] || [ -z "$CA_FILE" ]; then
    echo "Unable to determine config from 'subscription-manager config --list'; exiting"
    exit 1
fi

# fail if client is not registered to a Katello
if ! grep -q 'prefix = \/rhsm' $KPPTEMPFILE; then
    echo "Client is registered to RHSM; exiting"
    exit 1
fi

# set SYSCONFDIR to /etc if it is not set
if [ -z "$SYSCONFDIR" ]; then
    SYSCONFDIR=/etc
fi

# see if /etc/yggdrasil/config.toml exists
CONFIGTOML=$SYSCONFDIR/yggdrasil/config.toml
if [ -f $CONFIGTOML ]; then
    # make a backup of CONFIGTOML
    cp $CONFIGTOML $CONFIGTOML.bak
    cat <<EOF > $CONFIGTOML
# yggdrasil global configuration settings written by katello-pull-transport-migrate
broker = ["mqtts://$SERVER_NAME:1883"]
server = ["mqtts://$SERVER_NAME:1883"]
cert-file = "$CERT_FILE"
key-file = "$KEY_FILE"
ca-root = ["$CA_FILE"]
log-level = "error"
data-host = ""
path-prefix = "yggdrasil"
EOF

else
    echo "$SYSCONFDIR/yggdrasil/config.toml not found! Did 'yggdrasil' package installation succeed?"
    exit 1
fi

YGGDRASIL_SERVICE=yggdrasil.service
if ! systemctl list-unit-files "$YGGDRASIL_SERVICE" | grep -q "^$YGGDRASIL_SERVICE"; then
    YGGDRASIL_SERVICE="yggdrasild.service"
fi

# start the yggdrasild service
if systemctl is-enabled $YGGDRASIL_SERVICE 2>/dev/null && [ -n "$YGGDRASIL_RESTART_DELAY" ] && [ "$YGGDRASIL_RESTART_DELAY" -gt 0 ]; then
    systemd-run --on-active="$YGGDRASIL_RESTART_DELAY" --collect --no-block systemctl restart $YGGDRASIL_SERVICE
else
    echo "Starting $YGGDRASIL_SERVICE..."
    systemctl try-restart $YGGDRASIL_SERVICE
    systemctl enable --now $YGGDRASIL_SERVICE

    # check status of $YGGDRASIL_SERVICE and fail if it is not running
    # possible failure reason: incorrect protocol (should be tcp:// or mqtt://) or port (should be 1883)
    # also, cert-file and key-file must be valid
    # and broker must be running on the server
    # yggdrasil-0.2.z provides a dedicated status subcommand, newer yggdrasil doesn't have anything like that
    if which yggdrasil >/dev/null 2>/dev/null; then
        yggdrasil status
    fi

    if ! systemctl is-active --quiet $YGGDRASIL_SERVICE; then
        echo ""
        echo "$YGGDRASIL_SERVICE failed to start! Check configuration in $CONFIGTOML and make sure the broker is running on the server."
        exit $?
    fi
fi

echo "Remote execution pull provider successfully configured!"
